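/**
 * Checks the CSRF token submitted with the current request.
 *
 * Nothing is validated when $_POST is empty. Otherwise the request must carry
 * string 'fusion_token' and 'form_id' fields, the session must hold a token
 * list for that form id under the current self::pageHash(), the posted token
 * must be in that list (strict comparison), and self::verify_token(0) must
 * pass. On any failure $this->tokenIsValid is set to FALSE and $this->stop()
 * is called; when $this->debug is on the locale error text is also recorded
 * through setError() and addNotice().
 *
 * @return void
 */
public function sniff_token()
{
    $locale = fusion_get_locale();
    $error = FALSE;
    if (!empty($_POST)) {
        $token = isset($_POST['fusion_token']) ? $_POST['fusion_token'] : NULL;
        $form_id = isset($_POST['form_id']) ? $_POST['form_id'] : NULL;
        if (!is_string($token) || !is_string($form_id)) {
            // Both fields must be present and be plain strings (arrays are rejected).
            $error = $locale['token_error_2'];
        } else {
            $page_hash = self::pageHash();
            $stored = isset($_SESSION['csrf_tokens'][$page_hash][$form_id]) ? $_SESSION['csrf_tokens'][$page_hash][$form_id] : NULL;
            if (!is_array($stored)) {
                // Require a token list stored for this page hash and form id.
                // is_array() also keeps in_array() from throwing on malformed session data.
                $error = $locale['token_error_9'];
            } elseif (!in_array($token, $stored, TRUE)) {
                // Strict comparison: loose in_array() compares numeric-looking strings
                // numerically (e.g. "0e123" == "0e456"), which could accept a wrong token.
                $error = $locale['token_error_10'] . stripinput($token);
            } elseif (!self::verify_token(0)) {
                $error = $locale['token_error_3'] . stripinput($token);
            }
        }
    }
    // Check if any error was set
    if ($error !== FALSE) {
        // Flag the token as invalid
        $this->tokenIsValid = FALSE;
        // Flag that something went wrong
        $this->stop();
        if ($this->debug) {
            // Add Error Notices
            setError(2, $error, FUSION_SELF, FUSION_REQUEST, "");
            addNotice('danger', $error);
        }
    }
}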
} else {
    // NOTE(review): if $each['type'] is the client-supplied MIME type from $_FILES,
    // this comparison is not a reliable content check — confirm where $each is built.
    if ($mime_types[$extension] != $each['type']) {
        die('Prevented an unwanted file upload attempt!');
    }
}
}
unset($file_info, $extension);
}
}
unset($mime_types);
}
}
// The closing braces above end a file-upload validation block that starts before this excerpt.

// Request defences: sniff_token() stops the request when a POSTed CSRF token
// does not match the token list stored in the session for this page/form.
$defender = new defender();
// Set admin login procedures
Authenticate::setAdminLogin();
$defender->debug_notice = FALSE; // turn this off after beta.
$defender->sniff_token();
$dynamic = new dynamics();
$dynamic->boot();
// Aliases (by reference) to the OutputHandler tag collections.
$fusion_page_head_tags =& \PHPFusion\OutputHandler::$pageHeadTags;
$fusion_page_footer_tags =& \PHPFusion\OutputHandler::$pageFooterTags;
$fusion_jquery_tags =& \PHPFusion\OutputHandler::$jqueryTags;
// Set theme using $_GET as well.
// Set theme
// Only a super admin may switch theme via ?themes=; the value must pass theme_exists()
// and is run through stripinput() before being written to the user record.
// NOTE(review): user_level is compared with loose ==; === would rule out type juggling
// if user_level can ever arrive as a non-numeric string — confirm its type.
if ($userdata['user_level'] == USER_LEVEL_SUPER_ADMIN && isset($_GET['themes']) && theme_exists($_GET['themes'])) {
    $newUserTheme = array("user_id" => $userdata['user_id'], "user_theme" => stripinput($_GET['themes']));
    dbquery_insert(DB_USERS, $newUserTheme, "update");
    // Drop the themes parameter from the URL so the switch is not repeated on reload.
    redirect(clean_request("", array("themes"), FALSE));
}
// Fall back to the site-wide theme setting when the user has none stored.
set_theme(empty($userdata['user_theme']) ? fusion_get_settings("theme") : $userdata['user_theme']);